On Thursday, March 2, 2006, 6:18:15 PM, Maciej wrote:
MS> On Mar 2, 2006, at 6:39 AM, Chris Lilley wrote:
>> Hello www-svg,
>> Jeff Schiller <codedread@gmail.com> wrote:
>>> I'm no security expert, but what about a script that requests a
>>> connection to the localhost on various ports (i.e. FTP 21, etc) and
>>> sniffs about the local host, then sends the data it finds back to the
>>> server through standard ports? Would that effectively open up your
>>> computer by bypassing any firewall since the "attack" would come from
>>> within the localhost browser or do firewalls watch for that sort of
>>> thing too?
>> There are a number of different security models that might be used by
>> different types of svg implementations. For example,[...]
I encourage you to re-read this part.
MS> As mentioned before on this list, this model is insufficient for a
MS> raw socket API that is offered to arbitrary web content.
MS> (1) The real restriction used by web browsers is not just host, but
MS> host+port +scheme. (2)
Yes, that would be another example. It does of course allow access to a
range of other protocols, especially when used with a widely tunnelled
port such as 80.
MS> I think it is unwise to specify networking APIs for the web without
MS> properly addressing the security considerations.
So on the one hand you list an additional security model, demonstrating
the point that there are a variety of models that may be used depending
on circumstance; and on the other hand you seem to want one specific
security model to be mandated?
--
Chris Lilley mailto:chris@w3.org
Chair, W3C SVG Working Group
W3C Graphics Activity Lead
Co-Chair, W3C Hypertext CG